Protecting Your Amazon Seller Account from Hackers
by Liz Adamson
In the past several weeks seller forums and even news outlets have exploded with reports that seller accounts are being hacked in large numbers. These hackers are using stolen credentials, logging in to seller accounts and changing bank account information to route payments from Amazon.com, Inc. ("Amazon") into their own accounts. Sometimes the login is also changed, locking the owners out of their seller accounts. Sellers have lost anywhere from tens to hundreds of thousands of dollars as money is routed to the hackers’ bank accounts.
It should be no surprise that Amazon and its sellers have become a hot target for scams and hackers. With millions of dollars in sales happening every day, and many sellers not using proper safety precautions, it’s an easy and lucrative target.
So what should sellers be doing to protect their accounts?
If you haven’t already, set up two-factor authentication. This can be done in your Seller Central account through Settings > Login Settings > Advanced Security Settings. This will send a unique code to your phone and then require that it be entered as part of your login process any time you are logging in from a new computer or device.
Review User Access
Unless you run your Amazon business as a one-person team, you have multiple people logging in to your seller account on a daily basis. First off, ensure that everyone has their own user access and is also using two-factor authentication.
Next, review the permissions you have given their user accounts. Ensure that each user has the proper permissions and those who don’t need access to sensitive information like bank account and user settings have those features turned off.
Then, review all the users on the account. Are there former employees or contractors who still have active login credentials? Be sure these are deleted. I am not assuming that your former workers all have malicious intent (although some disgruntled ones may). What is more concerning is that their credentials could be stolen and used by someone else to hack your account.
Finally, some have recommended that you consider using one login for administrative purposes, and another with restricted access to bank information for your daily use.
Are you using “password” as your password? Your birthday? Company name? Are your employees and contractors using these? Don’t make it so easy to guess your login credentials. Your password should be some combination of letters and numbers that don’t really make any sense to anyone else. Amazon has some good guidelines and there are some great suggestions here.
After you have chosen a password, you should not use the same one across multiple sites. You should not email or store your passwords online, and you should change it often. This, of course, begs the question, how will you keep track of all your passwords if they are all different and always changing? Write it down on old fashioned paper and keep it in a safe place. Some people use computer apps that generate random passwords and store them securely for you. Of course, these are only as good as their security and could be hacked, as well.
Some sellers have an older Amazon account they don’t use any more for whatever reason. These have also been a hot target. Dormant accounts get hacked and used to list hundreds of popular products at low prices with long shipping times. The hackers, confirm shipment, never ship the product and collect payment before the customer ever realizes the product wasn't shipped. Review your old accounts and close them down if needed, or at the least use the above recommendations and make sure you are monitoring the email used for account notifications.
What to Do if Hacked
If you are hacked, notify seller support immediately and email email@example.com and firstname.lastname@example.org. They will start an investigation, but be aware it could take some time and your account may be closed down while they review.
Consider applying these recommendations to all your marketplace, financial, email and other sensitive accounts. It’s a digital world and thieves are becoming more sophisticated and creative. You wouldn’t leave your purse or wallet in your unlocked car on a busy city street. Don’t be lax with your digital security measures and leave your electronic door open to opportunistic thieves.
Originally published on June 20, 2017, updated August 12, 2019
This post is accurate as of the date of publication. Some features and information may have changed due to product updates or Amazon policy changes.